<?php
	$root = $_SERVER['DOCUMENT_ROOT'];
	include($root . "/util/session.php");
	include($root . "/util/privilege_check.php");
	checkPrivilege("admin");

	if($_SERVER["REQUEST_METHOD"] == "POST"){
		$username=mysqli_real_escape_string($db,$_POST['username']);
		$sql_query="select * from users where username = '$username'";
		$result=mysqli_query($db,$sql_query);
		//check if user exists
		if(mysqli_num_rows($result) == 0){
			$error="User doesn't exist";
		}
		else{
			$full_name=mysqli_real_escape_string($db,$_POST['full_name']);
			$usertype=mysqli_real_escape_string($db,$_POST['usertype']);
			$ssn=mysqli_real_escape_string($db,$_POST['ssn']);
			$gender=mysqli_real_escape_string($db,$_POST['gender']);
			$phone=mysqli_real_escape_string($db,$_POST['phone']);
			$email=mysqli_real_escape_string($db,$_POST['email']);
			$password=mysqli_real_escape_string($db,$_POST['password']);
			if($password != ""){
				$newpassword=true;
				$hash=password_hash($password,PASSWORD_DEFAULT);
				$users_sql_query="UPDATE `users` SET `password` = '$hash', `usertype` = '$usertype' WHERE `users`.`username` = '$username'";
			}
			else{
				$users_sql_query="UPDATE `users` SET `usertype` = '$usertype' WHERE `users`.`username` = '$username'";
			}
			$users_result=mysqli_query($db,$users_sql_query);
			$user_info_sql_query="UPDATE `user_info` SET `full_name` = '$full_name', `ssn` = '$ssn', `gender` = '$gender', `phone` = '$phone', `email` = '$email' WHERE `user_info`.`login` = '$username'";
			$user_info_result=mysqli_query($db,$user_info_sql_query);
			if($users_result && $user_info_result){
				header("Location: /admin/admin.php?msg=User modified");
			}
		}
	}
	else{
		$login=mysqli_real_escape_string($db,$_GET['login']);
		$query = "SELECT * FROM users join user_info on users.username=user_info.login where users.username='$login'";
		$result = mysqli_query($db,$query);
		if(mysqli_num_rows($result) == 0){
			$error = "no such user";
			exit;
		}
		else{
			$row=mysqli_fetch_assoc($result);
		}
	}
?>
<html>
<head>
	<title>Modify a user</title>
  	<link rel="stylesheet" type="text/css" href="adminStyle.css">
</head>
<body>
  	<?php
  	include($root . "/admin/header.php");
	?>
	<li><a href="/admin/admin.php">Back</a></li>
	<form action="/admin/userMod.php" method="post">
		<label for="username">Username of user to modify</label><br>
		<input type="text" id="username" name="username" value="<?php echo $row['username']?>"><br>
		<label for="password">User password:</label><br>
		<input type="password" id="password" name="password"><br>
		<label for="full_name">Full name:</label><br>
		<input type="text" id="full_name" name="full_name" value="<?php echo $row['full_name']?>"><br>
		<label for="usertype">User type:</label><br>
		<input type="radio" id="student" name="usertype" value="student" <?php if ($row['usertype'] == "student"){echo 'checked';}?>>
		<label for="student">Student</label><br>
		<input type="radio" id="teacher" name="usertype" value="teacher" <?php if ($row['usertype'] == "teacher"){echo 'checked';}?>>
		<label for="teacher">Teacher</label><br>
		<input type="radio" id="admin" name="usertype" value="admin" <?php if ($row['usertype'] == "admin"){echo 'checked';}?>>
		<label for="admin">Admin</label><br>
		<label for="ssn">Social Security Number:</label><br>
		<input type="text" id="ssn" name="ssn" value="<?php echo $row['full_name']?>"><br>
		<label for="gender">Gender:</label><br>
		<input type="text" id="gender" name="gender" value="<?php echo $row['gender']?>"><br>
		<label for="phone">Phone Number:</label><br>
		<input type="text" id="phone" name="phone" value="<?php echo $row['phone']?>"><br>
		<label for="email">Email Address:</label><br>
		<input type="email" id="email" name="email" value="<?php echo $row['email']?>"><br>
		<input type="submit" value="Submit">
	</form>
<div style = "font-size:11px; color:#cc0000; margin-top:10px"><?php if(isset($error)){echo $error;} ?></div>

	<?php
  	include($root . "/admin/footer.php");
	?>
</body>
</html>
